To increase the security of transactions, SCA has a requirement for multi-factor authentication. SCA requires that transactions are authenticated with at least two of these three factors:

• Possession: Something the user has, like a token
• Knowledge: Something the user knows, like a pin or a password
• Inherence: Something the user is. Most commonly refers to biometrics like fingerprints.

With Okay, you can add an additional layer of security without having to write or manage the security requirements needed for a secure and trusted transaction. Check out our previous post where we cover just how Okay provides 2FA support.

Beyond what is commonly called second factor authentication, the EBA also made a few requirements about security itself, around the transaction, and around its authentication process.

In June 2019, the European Banking Authority (EBA) published an opinion on how the elements of SCA should be understood under PSD2. When evaluating whether or not your service is SCA compliant under PSD2, it is important to make sure that it is in line with EBA’s opinion. 

With Okay’s checklist, you have an easy-to-use tool to check if your app is ready for PSD2 SCA compliance. In addition to the authentication factors, the checklist includes points on the secure environment, malware protection and documentation of the solution.

Download the checklist, and check if you are ready for SCA under PSD2!